Art Unit: 2432 

This is in response to the appeal brief filed 04/23/2010 appealing from the Office 
action mailed 11/24/2009. 

(1) Real Party in Interest 

The examiner has no comment on the statement, or lack of statement, identifying 
by name the real party in interest in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The following is a list of claims that are rejected and pending in the application: 
1-3, 5, 7-10, 12, 14-17, 19 and 21-27. 

(4) Status of Amendments After Final 

The examiner has no comment on the appellant's statement of the status of 
amendments after final rejection contained in the brief. 

(5) Summary of Claimed Subject Matter 

The examiner has no comment on the summary of claimed subject matter 
contained in the brief. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The examiner has no comment on the appellant's statement of the grounds of 
rejection to be reviewed on appeal. Every ground of rejection set forth in the Office 
action from which the appeal is taken (as modified by any advisory actions) is being 
maintained by the examiner except for the grounds of rejection (if any) listed under the 
subheading "WITHDRAWN REJECTIONS." New grounds of rejection (if any) are 
provided under the subheading "NEW GROUNDS OF REJECTION." 

(7) Claims Appendix 

The examiner has no comment on the copy of the appealed claims contained in 
the Appendix to the appellant's brief. 

(8) Evidence Relied Upon 

6,854,060 KILKKILA 11-2001 

7,434,257 GARG ET AL. 5-2001 

2002/0161733 GRAINGER 11-2001 

Burke et al., "Simulation In A Distributed Mobile Switching Center Environment", 
IEEE, 1985, pp. 135-139 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 
Claims 1-3, 5, 7-10, 12, 14-17, 19 and 21 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Kilkkila (US 6,854,060) in view of Burke et al. ("Simulation In A 
Distributed Mobile Switching Center Environment") and Garg et al. (US 7,434,257). 
Kilkkila discloses a method for dynamically modifying an access right profile including a 
set of user authorized resources in a telephone switching system (Abstract). 

Regarding claims 1, 8 and 15, Kilkkila specifically discloses a method for 
restricting access to a set of resources comprising: 



Application/Control Number: 10/621,935 

determining a set of authorized resources for which a user is authorized to 
access, i.e., determining access right profile for a user in a phone switching system (fig. 
2, step 20; col. 2, lines 22-27); 

obtaining state information about the set of authorized resources, i.e., obtaining 
information about the phone switching system and its resources, e.g., time of day and 
number of users, system utilization rate, network utilization rate, etc. (col. 2, lines 29- 
50); 

evaluating availability of the set of authorized resources by comparing the state 
information about the set of authorized resources against a configurable rule associated 
with one or more resources in the set of authorized resources, i.e., comparing the 
obtained state information against a condition/limit/threshold specified in a rule in the 
access right profile, and determining if there is a need to modify the set of authorized 
resources, e.g., when there are more users at day time, when the system utilization rate 
exceeds a threshold, when an alarm situation arises, when user's session duration, 
number of operations used/sessions held exceed a limit, etc. (fig. 2, steps 21-24; col. 4, 
lines 20-62); 

in response to evaluating availability of the set of authorized resources using the 
configurable rule, generating a list of a set of entitled resources for the user, wherein the 
set of entitled resources is a subset of the set of authorized resources, i.e., modifying 
the access right profile such that less access rights are authorized (fig. 2, step 25; col. 
2, lines 9-15; col. 4, lines 20-62); 
preventing the user from accessing resources that are in the set of authorized 
resources but that are not in the set of entitled resources, i.e., allowing the user to 
access only resources in the set of entitled resources (col. 4, lines 20-62). 

Kilkkila does not disclose utilizing the phone switching system in a distributed 
environment. Burke discloses utilizing phone switching systems in a distributed 
environment (Abstract). It would have been obvious to one of ordinary skill in the art at 
the time the invention was made to utilize the phone switching system in a distributed 
environment, as taught by Burke. Distributed systems have the potential to permit 
growth many times the size of an individual unit within that system. 

Kilkkila discloses performing the method for all users such that the access right 
profiles of all users are modified in response to a predetermined situation occurring in 
the system (e.g., time of day) regardless of whether any user requests to access the 
system or not. Kilkkila does not disclose performing the method on an individual basis 
such that only the access right profiles of those who request to access the resource(s) 
are modified. Garg also discloses a method for providing dynamic authorization 
according to a dynamic factor such as time of day wherein a user access right profile (i.e., 
client context) is modified only when the corresponding user requests to access a 
resource(s) (Abstract; fig. 5A, steps 515-540 and corresponding text). It would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
modify Kilkkila's method such that it is performed on an individual basis and in response 
to receiving a user's request to access a resource, as taught by Garg, so that only the 
access right profiles of those who requested to access the resource(s) would be 
modified. 

Regarding claims 2, 9, and 16, Kilkkila further discloses sending an indication of 
the set of entitled resources to the user, i.e., requests to access resources not in the set 
of entitled resources are not authorized (col. 4, lines 20-62). 

Regarding claims 3, 10 and 17, Kilkkila further discloses responding to requests 
for the user to access the set of entitled resources (col. 4, lines 20-62). 

Regarding claims 5, 12 and 19, Kilkkila further discloses considering user 
attributes of the user while evaluating availability of the set of authorized resources (col. 
2, lines 22-37). 

Regarding claims 7, 14 and 21, Kilkkila discloses gathering state information 
using a monitoring application. Kilkkila does not disclose gathering state information 
using a distributed monitoring application; however, it would have been obvious by the 
combination of using Kilkkila's switching system in Burke's distributed environment to use 
a distributed monitoring application for gathering state information. 

Claims 22-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Kilkkila in view of Burke as applied to claims 1, 8 and 15 above, and further in view of 
Grainger (US 2002/0161733). 

Regarding claims 22, 24 and 26, Kilkkila does not disclose providing the user 
with a web page including only URI for resources that the user can access. Grainger 
discloses providing a user with a web page (i.e., a home page) including only URI for 
resources that the user can access (par. 0053-0054). It would have been obvious to 
one of ordinary skill in the art at the time the invention was made to modify the 
combined method of Kilkkila and Burke to provide the user with a web page including 
only URI for resources that the user can access, as taught by Grainger. The motivation 
for doing so would have been to let the user know what can or cannot be accessed. 

Regarding claims 23, 25 and 27, Kilkkila does not disclose providing users with 
access to different resources according to their status. Grainger discloses 
providing users with access to different resources according to their status, i.e., roles 
(par. 0052-0054). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the combined method of Kilkkila and Burke to 
provide users with access to different resources according to their roles, as taught by 
Grainger. An advantage of role-based access control is efficient management of 
access to resources. 

(10) Response to Argument 

Appellant argues that, in Kilkkila, there is not obtaining "state information" about 
the "commands" listed in the access right profile and then pruning that command list to 
a "set of entitled [commands]." Appellant reasons that, in Kilkkila (the first embodiment), 
the system has a set of commands in the access right profile that are modified 
according to other factors - but not the "state information about the set of authorized 
resources" (Brief, last paragraph of page 14). Kilkkila discloses: (i) a telephone 
switching system includes various computer units (fig. 1, element 11; col. 1, lines 13- 
35); (ii) a user is authorized to access the system from a remote computer to 
control/change the operation of the system using control commands which are executed 
by the system (fig. 1, element 12; col. 1, lines 21-46; col. 3, lines 23-26); and (iii) if the 
utilization rate of the system exceeds a certain limit, only commands of the most 
important nature can be executed, or if the telephone network is heavily loaded, the 
number of remote sessions may be limited (col. 1, lines 36-46; col. 2, lines 22-54). It is 
clear that the user's authorized control commands are to be executed by the system, 
and which commands can be executed depends on the utilization rate of the system. 
Similarly, although the user is authorized to remotely access the system, he may not be 
allowed to establish a remote session if the system network is heavily loaded. 
Therefore, information regarding the system utilization rate and system network load is 
state information about authorized resources. 

Appellant addresses Kilkkila's second embodiment in the first full paragraph of 
page 15; however, this embodiment is not used for the rejection. 

Appellant argues that the claimed method restricts access to a set of physical 
resources whereas Kilkkila is simply restricting access to a set of commands in a 
management interface (Brief, last paragraph of page 15). Kilkkila discloses that the 
commands are used to control/change the operation of the system including various 
computer units which are physical resources (col. 1, lines 28-35). 

Appellant argues that Garg simply builds a client context in response to a client 
request but not taking some larger set of entries and then pruning (Brief, page 16). As 
indicated in the rejection mailed on 11/24/2009, Garg is relied upon for the teaching of 
modifying a user access right profile only when the user requests to access a resource. 
Specifically, Garg discloses: (i) controlling access to resources using dynamic factors 
such as time of day, weather, etc. (Abstract; col. 9, lines 8-32); (ii) in response to a 
client request for a resource, determining a user access right profile (i.e., computing the 
client context) (fig. 5B, step 520; col. 11, lines 16-20), which would be used to determine 
whether the user is authorized to access the resource in a conventional system (fig. 5B, 
the dashed line b; col. 11, lines 16-23); (iii) determining if the user access right profile is 
to be modified (i.e., computing dynamic group to determine if group membership for the 
client context is to be changed based on dynamic data) (fig. 5B, step 530; col. 11, lines 
23-26); and (iv) modifying the user access right profile (i.e., updating the client context) 
(fig. 5B, step 540; col. 11, lines 26-28). 

Appellant argues Kilkkila does not disclose or suggest "sending an indication of 
the set of entitled resources to the user" according to an embodiment illustrated in 
Figure 58 and associated text in the specification (Brief, page 19). Although the claims 
are interpreted in light of the specification, limitations from the specification are not read 
into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 
1993). Since the claims do not recite (i) what constitutes an indication of the set of 
entitled resources, and (ii) when the indication is sent to the user, a broad and 
reasonable interpretation of such an indication is that the system, in response to certain 
events (i.e., the utilization rate of the system exceeds a certain limit or the telephone 
network is heavily loaded), denies the user access to resources that he is permitted to 
access in normal circumstances. 

Appellant argues that Grainger does not provide the user a web page without a 
particular URI for an authorized but non-entitled resource (Brief, 2nd paragraph of page 
21). The limitation "a web page without a particular URI for an authorized but 
non-entitled resource" is equivalent to a web page showing URIs of resources that a user 
can access (i.e., by clicking on the URIs), and Grainger discloses such a web page 
(paragraphs 0053-0054). 

Appellant argues that the Kilkkila/Burke/Grainger combination would not function 
"in response to" an access request that is for an "authorized [but non-]entitled resource" 
(Brief, page 22); however, the feature "authorized [but non-]entitled resource" is not 
recited in claims 23, 25 and 27. The claims deal with providing different users with 
different access to the same resource according to their status (i.e., a user with a 
certain role/position is allowed to access a specific resource whereas another user with 
a different role/position is not) and Grainger discloses such feature (paragraphs 0053- 
0054). 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the 
Related Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 

/Minh Dinh/ 

Primary Examiner, Art Unit 2432 

Conferees: 

/Benjamin E Lanier/ 

Primary Examiner, Art Unit 2432 

/Gilberto Barron Jr./ 

Supervisory Patent Examiner, Art Unit 2432 



